Today many enterprises use cloud-based computing platforms that allow services and data to be accessed over the Internet (or via other networks). Infrastructure providers of these cloud-based computing platforms offer network-based processing systems that often support multiple enterprises (or tenants) using common computer hardware and data storage. This “cloud” computing model allows applications to be provided over a platform “as a service” supplied by the infrastructure provider. The infrastructure provider typically abstracts the underlying hardware and other resources used to deliver a customer-developed application so that the customer no longer needs to operate and support dedicated server hardware. The cloud computing model can often provide substantial cost savings to the customer over the life of the application because the customer no longer needs to provide dedicated network infrastructure, electrical and temperature controls, physical security and other logistics in support of dedicated server hardware.
Multi-tenant cloud-based architectures have been developed to improve collaboration, integration, and community-based cooperation between customer tenants without compromising data security. Generally speaking, multi-tenancy refers to a system where a single hardware and software platform simultaneously supports multiple organizations or tenants from a common data storage element (also referred to as a “multi-tenant database”). The multi-tenant design provides several advantages over conventional server virtualization systems. First, the multi-tenant platform operator can often make improvements to the platform based upon collective information from the entire tenant community. Additionally, because all users in the multi-tenant environment execute applications within a common processing space, it is relatively easy to grant or deny access to specific sets of data for any user within the multi-tenant platform, thereby improving collaboration and integration between applications and the data managed by the various applications. The multi-tenant architecture therefore allows convenient and cost-effective sharing of similar application feature software between multiple sets of users.
A cloud-based computing environment can include a number of different data centers, and each data center can include a number of instances, where each instance can support many tenants (e.g., 10,000 tenants or more). As such, large numbers of tenants can be grouped together into and share an instance as tenants of that instance. Each tenant is its own organization (or org) that is identified by a unique identifier (ID) that represents that tenant's data within an instance.
Consumers may use computer network systems, such as the Internet, to access a variety of data, applications, services, and other resources. Prior to allowing a user to access system resources, an authentication procedure is often employed to reliably verify the identity of the user. For example, passwords may be used for user authentication to prove an identity and/or to gain access to a protected resource. For instance, during a log in process a user may send a username and password to a remote server or server system in order to authenticate the user for access to resources provided by that server system. Even more generally, a username and password may be used to control access to protected computing devices, operating systems, applications (e.g., email, web sites, etc.), databases, networks, etc.
The password has long been a thorn in the side of users and organizations alike, and it is also the root of many serious and costly problems. Password-based authentication can be somewhat cumbersome to the user because having to remember and manage multiple passwords for multiple applications or services is difficult. For example, each resource typically requires its users to have unique usernames. A user may be required to remember several different usernames in order to access different resources. A user has to keep track of which username was used to set up the account for each resource. Likewise, each resource may have different rules as to the types of character strings that may be used as passwords (e.g., a particular number of characters, a combination of alphabetic and numeric characters, at least one special character (such as !, @, #, $, %, &, etc.), and so on). Thus, in addition to remembering different usernames, a user may also be required to remember several different passwords in order to access different resources, and also keep track of which username-password pair applies to each account. As a result, users often use simple passwords and/or reuse the same password across multiple services, and that can negatively impact security. Weak, default, or stolen credentials are often involved in or the cause of data breaches.
To improve security, organizations often require stronger password complexity and more frequent changes, but this often leads to poor user security practices, such as writing passwords down or using the same password for multiple applications, and increased costs because users forget their passwords and have to call for resets. In addition, the service provider in a particular organization that has the poorest security controls becomes the weakest link, and if this service provider (or any other service provider) gets compromised, the credentials to all the other service providers get compromised too. Organizations also lose productivity when users use passwords to log in separately to multiple applications each day to do their jobs. Many organizations feel they have to sacrifice security for user convenience. From a security perspective, password-based authentication may be vulnerable to certain types of attacks or other security issues, in addition to the problems associated with remembering and keeping track of different username and password combinations for different accounts.
As password-based authentication has become more susceptible to being compromised in recent years, interview-based authentication solutions (e.g., passwordless authentication solutions) have been developed that aim to eliminate authentication vulnerabilities. Today, some Internet websites or service providers implement some form of passwordless log in that allows their users to log in without a password, often by sending a one-time password over email or SMS to the end user when the user tries to log in. Examples of passwordless authentication can include Touch ID, push notifications, one-time passcodes, etc. Passwordless authentication is not only more secure, but easier, friendlier, and faster than traditional password-based authentication solutions.
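The one-time-passcode flow described above, as an added illustration that is not code from the original document: a server issues a short-lived code, delivers it over an injected email/SMS channel, and verifies it once per tenant (org ID) and user. The class name, the five-minute lifetime, the three-attempt limit and the `send_func` callback are assumptions chosen for the example; the code is stored only as an HMAC so a leaked pending-code table does not reveal live codes.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300   # assumed lifetime of an issued code
MAX_ATTEMPTS = 3         # assumed guess budget before the code is discarded


@dataclass
class PendingCode:
    code_hash: bytes     # HMAC of (org_id, username, code); the code itself is never stored
    expires_at: float
    attempts: int = 0


class PasswordlessOtpService:
    """Issues and verifies one-time codes, keyed by (org ID, username) so that
    a code issued inside one tenant cannot be redeemed in another."""

    def __init__(self, server_secret: bytes, send_func, clock=time.time):
        self._secret = server_secret
        self._send = send_func     # delivers the code over email/SMS (injected)
        self._clock = clock        # injectable for testing expiry
        self._pending: dict[tuple[str, str], PendingCode] = {}

    def _hash(self, org_id: str, username: str, code: str) -> bytes:
        msg = f"{org_id}\x00{username}\x00{code}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).digest()

    def request_code(self, org_id: str, username: str, contact: str) -> None:
        code = f"{secrets.randbelow(10**6):06d}"   # 6-digit code from a CSPRNG
        self._pending[(org_id, username)] = PendingCode(
            self._hash(org_id, username, code), self._clock() + CODE_TTL_SECONDS)
        self._send(contact, code)   # a new request replaces any earlier pending code

    def verify(self, org_id: str, username: str, code: str) -> bool:
        key = (org_id, username)
        pending = self._pending.get(key)
        if pending is None:
            return False
        if self._clock() > pending.expires_at:
            del self._pending[key]   # expired codes are removed, not retried
            return False
        pending.attempts += 1
        ok = hmac.compare_digest(pending.code_hash, self._hash(org_id, username, code))
        if ok or pending.attempts >= MAX_ATTEMPTS:
            del self._pending[key]   # single use, and discard after too many guesses
        return ok
```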
In a multi-tenant environment, each tenant is tasked with implementing proprietary solutions for user self-registration and log in and deploying those solutions to end users. Moreover, within a single tenant, each service provider may also be tasked with implementing proprietary solutions for user self-registration and log in and deploying those solutions to end users. This process can be very time-consuming for each service provider of a particular application or service. For example, one drawback is that the process of setting up user self-registration and log in functionality is very complex, unique and relatively static once it is set up and defined. Each implementation requires a great deal of set up and coding that has to be specific to that implementation and the underlying technology involved. For example, a text or SMS passwordless log in solution would require completely different set up and coding in comparison to an email-based passwordless log in solution. The process of implementing proprietary solutions for user self-registration and log in is not only very time-consuming, but inefficient in the event the service provider wants to provide users with multiple different user self-registration and log in options, since this would require completely different set up and coding for each implementation.